AARP, formerly known as the American Association of Retired Persons, has emailed its members, warning that the AARP website has been hacked. Although the website itself doesn't appear to have any warnings or notifications, the email is quite specific:

We have important information we want to share with you about a recent incident that occurred with our website. Despite our significant security defenses and on-going use of industry best practices, we discovered that someone accessed our website without our permission. No passwords, financial or sensitive personal data was obtained.

There have been no further details disclosed.

Those of us who have been following many website breaches know that break-in news tends to go from bad to worse. It is not at all clear how AARP discovered the hack or how the organization can state, definitively, that "no passwords, financial or sensitive personal data was obtained."

The AARP email goes on to suggest that members change their passwords frequently, monitor credit and debit cards, never provide financial information in response to an email inquiry, and follow the AARP scams advice site.

Until we hear more details, now would be an excellent time to change your AARP.org password, if you have one and, if you use the password on other sites, change those, too.